Submitted via IRC for TheMightyBuzzard
Canada's Communications Security Establishment (CSE) agency announced this week that the source code for one of its malware detection and analysis tools has been made public.
The Python-based tool released as open source by the spy agency is named Assemblyline and it was created within the CSE's Cyber Defence program. The organization says this is one of the tools it uses to protect the country's computer systems against advanced cyber threats.
Assemblyline allows defenders to automate the analysis of malicious files. The analysis process, which has been compared to a conveyor belt, involves assigning a unique identifier to files as they travel through the system, looking for signs of malicious functionality and extracting features for further analysis, generating alerts for malicious files and assigning them a score, and sending data to other protection systems so that identified threats can be neutralized.
[...] The CSE is not the only spy agency to release open source tools. Last year, the UK's Government Communications Headquarters (GCHQ) made available CyberChef, a tool that allows both technical and non-technical people to analyze encryption, compression and decompression, and data formats.
Source: Canada's CSE Spy Agency Releases Malware Analysis Tool
(Score: 0) by Anonymous Coward on Sunday October 22 2017, @08:39AM